Policy rules
Basic rules
How to write policy rules in Calico Cloud — label selectors, source and destination match criteria, and rule actions.
Use namespace rules in policy
Group or separate workloads in Calico Cloud policy using namespaces and namespace selectors so policies apply only to specified namespaces.
Use service accounts rules in policy
Match on Kubernetes service accounts in Calico Cloud policy rules to validate workload identity and apply RBAC-controlled rules.
Use service rules in policy
Match on Kubernetes Service names in Calico Cloud policy rules instead of specific pod selectors.
Use external IPs or networks rules in policy
Restrict egress and ingress to specific IP ranges in Calico Cloud policy, either inline or via reusable network sets.
Use ICMP/ping rules in policy
Allow or deny ICMP and ping traffic for Calico Cloud workloads and host endpoints using policy rules.